[gstreamer-bugs] [Bug 165398] New: [ffdec_mpeg2video] invalid memory access / crash

bugzilla-daemon at bugzilla.gnome.org bugzilla-daemon at bugzilla.gnome.org
Thu Jan 27 04:34:54 PST 2005 

Please DO NOT reply to this by email. All additional comments should be made in
the comments box of this bug report.

 http://bugzilla.gnome.org/show_bug.cgi?id=165398
 GStreamer | gst-ffmpeg | Ver: HEAD CVS

           Summary: [ffdec_mpeg2video] invalid memory access / crash
           Product: GStreamer
           Version: HEAD CVS
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: gst-ffmpeg
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: t.i.m at zen.co.uk
         QAContact: gstreamer-bugs at lists.sourceforge.net
                CC: all-bugs at bugzilla.gnome.org


(gdb) run --gst-fatal-warnings dvdreadsrc device=/dev/sr1 title=1 ! dvddemux !
ffdec_mpeg2video ! xvimagesink

(snip libdvdread output) 

GStreamer-CRITICAL **: gst_data_unref: assertion `data != NULL' failed
aborting...

Program received signal SIGABRT, Aborted.
[Switching to Thread -1212728928 (LWP 10945)]
0xb7d1b7ab in raise () from /lib/tls/libc.so.6
(gdb) bt
#0  0xb7d1b7ab in raise () from /lib/tls/libc.so.6
#1  0xb7d1cf12 in abort () from /lib/tls/libc.so.6
#2  0xb7e5be6d in IA__g_logv (log_domain=0xb7f1ae00 "GStreamer",
log_level=G_LOG_LEVEL_CRITICAL,
    format=0xb7e81e04 "%s: assertion `%s' failed", args1=0xbfffeb2c
"\uffff\uffff\uffff\uffff&\uffff\uffff\uffff\uffff[\uffff\uffffX\031\005\b") at
gmessages.c:488
#3  0xb7e5be96 in IA__g_log (log_domain=0x0, log_level=0, format=0x0) at
gmessages.c:507
#4  0xb7e5befc in IA__g_return_if_fail_warning (log_domain=0x0,
pretty_function=0xb7f1d9e1 "gst_data_unref", expression=0x0)
    at gmessages.c:522
#5  0xb7ed138b in gst_data_unref (data=0x0) at gstdata.c:240
#6  0xb782b7e5 in gst_ffmpegdec_frame (ffmpegdec=0x80a63c0, data=0x82ac040 "",
size=1, got_data=0xbfffec54,
    expected_ts=0xbfffec58) at gstffmpegdec.c:611
#7  0xb782babc in gst_ffmpegdec_chain (pad=0x0, _data=0x8064618) at
gstffmpegdec.c:719
#8  0xb7eee894 in gst_pad_call_chain_function (pad=0x80a5da8, data=0x8064618) at
gstpad.c:4476
#9  0xb7eeb8e1 in gst_pad_push (pad=0x824a130, data=0x8064618) at gstpad.c:3287
#10 0xb7b3e8ec in gst_dvd_demux_send_subbuffer (mpeg_demux=0x824a130,
outstream=0x829b500, buffer=0x8064700,
    timestamp=18446744073709551615, offset=9, size=2025) at gstdvddemux.c:924
#11 0xb7b3aca1 in gst_mpeg_demux_parse_pes (mpeg_parse=0x82499d8,
buffer=0x8064700) at gstmpegdemux.c:919
#12 0xb7b36e56 in gst_mpeg_parse_loop (element=0x0) at gstmpegparse.c:535
#13 0xb7802256 in loop_group_schedule_function (argc=0, argv=0x80aa588) at
gstoptimalscheduler.c:1342


Might be harmless, or might not. Works okay-ish otherwise if you disregard all
the decoder errors/warnings.



If I run the above in valgrind, I get a crash:

 Invalid free() / delete / delete[]
    at 0x1B9059FF: realloc (vg_replace_malloc.c:197)
    by 0x1C37EF95: av_realloc (mem.c:103)
    by 0x1C37D0E2: av_realloc_static (utils.c:104)
    by 0x1C37CA98: alloc_table (common.c:137)
    by 0x1C37CB0A: build_table (common.c:159)
    by 0x1C37CC9A: build_table (common.c:228)
    by 0x1C37CE3B: init_vlc (common.c:289)
    by 0x1C47F1CC: init_vlcs (mpeg12.c:998)
    by 0x1C481812: mpeg_decode_init (mpeg12.c:1943)
    by 0x1C37DB2B: avcodec_open (utils.c:488)
    by 0x1C332C41: gst_ffmpegdec_open (gstffmpegdec.c:323)
    by 0x1C332E45: gst_ffmpegdec_connect (gstffmpegdec.c:406)
    by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
    by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
    by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
  Address 0x804EB80 is not stack'd, malloc'd or (recently) free'd

 Invalid read of size 2
    at 0x1C47A2F3: init_2d_vlc_rl (mpeg12.c:122)
    by 0x1C47F3D2: init_vlcs (mpeg12.c:1020)
    by 0x1C481812: mpeg_decode_init (mpeg12.c:1943)
    by 0x1C37DB2B: avcodec_open (utils.c:488)
    by 0x1C332C41: gst_ffmpegdec_open (gstffmpegdec.c:323)
    by 0x1C332E45: gst_ffmpegdec_connect (gstffmpegdec.c:406)
    by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
    by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
    by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
    by 0x1C2F18FE: gst_dvd_demux_get_video_stream (gstdvddemux.c:529)
    by 0x1C2EEDE5: gst_mpeg_demux_parse_pes (gstmpegdemux.c:917)
    by 0x1C2EAE55: gst_mpeg_parse_loop (gstmpegparse.c:535)
    by 0x1C727255: loop_group_schedule_function (gstoptimalscheduler.c:1342)
    by 0x1C726AA2: schedule_group (gstoptimalscheduler.c:1163)
    by 0x1C726D6E: gst_opt_scheduler_schedule_run_queue (gstoptimalscheduler.c:1215)
  Address 0x2 is not stack'd, malloc'd or (recently) free'd
 Process terminating with default action of signal 11 (SIGSEGV)
  Access not within mapped region at address 0x2
    at 0x1C47A2F3: init_2d_vlc_rl (mpeg12.c:122)
    by 0x1C47F3D2: init_vlcs (mpeg12.c:1020)
    by 0x1C481812: mpeg_decode_init (mpeg12.c:1943)
    by 0x1C37DB2B: avcodec_open (utils.c:488)
    by 0x1C332C41: gst_ffmpegdec_open (gstffmpegdec.c:323)
    by 0x1C332E45: gst_ffmpegdec_connect (gstffmpegdec.c:406)
    by 0x1B957014: gst_pad_link_call_link_functions (gstpad.c:1343)
    by 0x1B9574CA: gst_pad_link_try (gstpad.c:1410)
    by 0x1B95B311: gst_pad_set_explicit_caps (gstpad.c:2557)
    by 0x1C2F18FE: gst_dvd_demux_get_video_stream (gstdvddemux.c:529)
    by 0x1C2EEDE5: gst_mpeg_demux_parse_pes (gstmpegdemux.c:917)
    by 0x1C2EAE55: gst_mpeg_parse_loop (gstmpegparse.c:535)
    by 0x1C727255: loop_group_schedule_function (gstoptimalscheduler.c:1342)
    by 0x1C726AA2: schedule_group (gstoptimalscheduler.c:1163)
    by 0x1C726D6E: gst_opt_scheduler_schedule_run_queue (gstoptimalscheduler.c:1215)

Cheers 
 -Tim

(KuS DVD)

------- You are receiving this mail because: -------
You are the assignee for the bug.
You are the QA contact for the bug.

More information about the Gstreamer-bugs mailing list